PT-2026-42828 · Unknown · Pcmanfm-Qt
Published
2026-05-22
·
Updated
2026-05-26
·
CVE-2026-48700
CVSS v4.0
9.3
Critical
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/R:I/V:D/RE:M/U:Clear |
Name of the Vulnerable Software and Affected Versions
PCManFM-Qt versions 1.1.0 and later
Description
An issue exists where PCManFM-Qt delegates to a different program based on file type without user confirmation when a regular file path is passed as a URI in the 'org.freedesktop.FileManager1.ShowFolders' D-Bus method call. This behavior can be leveraged to achieve code execution or bypass network namespace restrictions.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pcmanfm-Qt